Article:   Six Cool New JSP and Servlet Features
Subject:   <c:out/> and escaping
Date:   2004-02-11 21:30:15
From:   pelletk
Thanks for the article - a good synopsis of highlights of the new features, and well-explained to boot.


I'd just like to point out that a bare EL statement such as ${foo} is not quite the equivalent of <c:out value='${foo}'/>.


The distinction is that <c:out../> will escape XML characters by default (this can be turned off with escapeXml='false'), whereas ${foo} will leave the contents of foo untouched.


I've recently seen it suggested elsewhere that JSP 2.0 pages should replace all <c:out/> with ${...}. This could have serious side-effects if the content of the variables presented is not considered carefully with respect to escaping.


  • <c:out/> and escaping
    2004-02-12 10:14:45  bperry

    I will add to your helpful comment:
    Using Tomcat 5.x, include the following code in a JSP:
    <c:set var="myValue" value="a tag </tag>" />
    <c:out value="${myValue}" /></ br>
    ${myValue}


    This will produce the following browser output in the client:

    a tag </tag></ br>
    a tag </tag>


    Meaning that the client browser will output "</tag>" when the c:out element is used (because the "</ >" characters are escaped); however, including the EL statement in template text will cause the tag to be added to the underlying template code.
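
An added example, not part of the thread or the article: a heuristic Python audit that lists the places in a JSP source where output is written without XML escaping, which is the risk when <c:out/> is swapped for ${...} wholesale. It assumes the JSTL core library is bound to the conventional `c` prefix and treats `fn:escapeXml(...)` as an escaped form; the function names and the sample page are constructed for illustration.

```python
import re

# Custom action tags such as <c:out .../> or <c:set .../>: EL in their
# attributes is handed to the tag handler, not written to the response.
ACTION_TAG = re.compile(r"""<\w+:\w+(?:"[^"]*"|'[^']*'|[^>"'])*>""")
JSP_COMMENT = re.compile(r"<%--.*?--%>", re.S)
EL = re.compile(r"(?<!\\)\$\{([^}]*)\}")  # \${...} is literal text, so skip it
ESCAPE_OFF = re.compile(r"""escapeXml\s*=\s*["']\s*false\s*["']""")

def _blank(match):
    # Keep newlines so reported line numbers still match the file.
    return re.sub(r"[^\n]", " ", match.group(0))

def audit_jsp(source):
    """Return sorted (line, kind, text) findings for unescaped output."""
    findings = []
    source = JSP_COMMENT.sub(_blank, source)

    # 1. <c:out> with escaping explicitly switched off (assumes prefix "c").
    for m in ACTION_TAG.finditer(source):
        tag = m.group(0)
        if tag.startswith("<c:out") and ESCAPE_OFF.search(tag):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, "c:out escapeXml=false", tag))

    # 2. Bare EL left in template text once action tags are blanked out.
    #    EL inside plain HTML attributes is template text too, so it counts.
    template = ACTION_TAG.sub(_blank, source)
    for m in EL.finditer(template):
        if m.group(1).strip().startswith("fn:escapeXml("):
            continue  # escaped by the JSTL function instead of <c:out>
        line = template.count("\n", 0, m.start()) + 1
        findings.append((line, "bare EL", m.group(0)))
    return sorted(findings)

# Constructed sample page, modelled on the snippet in the thread.
SAMPLE = """<c:set var="myValue" value="a tag </tag>" />
<c:out value="${myValue}" />
${myValue}
<a href="${link}">${fn:escapeXml(myValue)}</a>
<c:out value="${myValue}" escapeXml="false" />
<%-- ${ignored} --%>
"""

if __name__ == "__main__":
    for line, kind, text in audit_jsp(SAMPLE):
        print(f"line {line}: {kind}: {text}")
```

Each finding is a spot to review, not a confirmed flaw: a bare ${...} is harmless when the value can never contain markup, and the regular expressions do not parse scriptlets or tag bodies.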